| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
| |
except with only one user. done by sharing same code.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
the rpcclient "rpcclient" command allows user options to be reset
(e.g the username / password) _without_ terminating rpcclient.
try this:
rpcclient -S srv1 -U% -l log
srv1$ rpcclient -S srv2
srv2$
:-)
|
| |
|
|
|
|
| |
found out that getopt() _must_ have optind set to 0 before reuse.
still haven't decided what to do with the net* api yet...
|
| | |
|
| |
|
|
|
| |
struct cli_state, uint16 fnum into the code: rpc_hnd_api_req().
modified cli_lsarpc.c to use this. the rest is const issues.
|
| |
|
|
|
|
| |
if microsoft bothered to publish it. actually, there are good reasons
for not publishing it: people might write programs for it, and then
those programs wouldn't work on nt5, for example...
|
| |
|
|
|
|
| |
function, which takes \\server_name.
tested a _few_ functions. found that regcreatekey receives a Fault PDU.
|
| |
|
|
| |
do so twice. possible memory corruption, revolving around getopt().
|
| |
|
|
|
|
|
|
|
|
|
|
| |
verified that lsaquery, lsalookupsids work, and found some bugs in the
parameters of these commands :-)
soo... we now have an lsa_* api that has the same arguments as the nt
Lsa* api! cool!
the only significant coding difference is the introduction of a
user_credentials structure, containing user, domain, pass and ntlmssp
flags.
|
| |
|
|
|
|
|
|
|
| |
msrpc client code. the intent is to hide / abstract / associate
connection info behind policy handles.
this makes the msrpc functions look more and more like their nt equivalents.
who-hou!
|
| |
|
|
|
|
| |
CVS UPDATE MAY ISSUE WARNING ABOUT lib/util_hnd.c MODIFICATION
DATE BEING IN THE FUTURE. CVS CHECKOUT A NEW REPOSITORY MAY BE
SAFER.
|
| |
|
|
| |
attempted to fix regsetsec command
|
| | |
|
| |
|
|
| |
command fails.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
from rpcclient/cmd_*.c.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
means that some commands need more work, as they still use next_token(),
the use of which i wish to avoid.
plus, i was getting fed up of the poor command-line processing in some
of these commands. i'm starting to need getopt() in them, especially
in samsetuser.
WARNING: only cmd_samr has been modded to use getopt() so far! reg
commands won't work, esp.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
have we got. and what data do we have. hmm.. i wonder what the NTLMv2
user session key can be... hmmm... weell.... there's some hidden data
here, generated from the user password that doesn't go over-the-wire,
so that's _got_ to be involved. and... that bit of data took a lot of
computation to produce, so it's probably _also_ involved... and md4 no, md5?
no, how about hmac_md5 yes let's try that one (the other's didn't work)
oh goodie, it worked!
i love it when this sort of thing happens. took all of fifteen minutes to
guess it. tried concatenating client and server challenges. tried
concatenating _random_ bits of client and server challenges. tried
md5 of the above. tried hmac_md5 of the above. eventually, it boils down
to this:
kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
|
| |
|
|
| |
_use_ user session key.
|
| | |
|
| | |
|
| |
|
|
| |
NT refuses to play nice, and establish a trust relationship.
|
| |
|
|
| |
smbpasswd so it can be used to set up inter-domain trust account.
|
| |
|
|
|
|
|
|
|
|
| |
is to pass DOMAIN_NAME$ and SEC_CHAN_DOMAIN instead of WKSTA_NAME$ and
SEC_CHAN_WKSTA.
modified check_domain_security to determine if domain name is own domain,
and to use wksta trust account if so, otherwise check "trusting domains"
parameter and use inter-domain trust account if so, otherwise return
False.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
some of the server-side stuff. Realloc() was being used, so it
Realloc()d some random area of memory. oops.dynamic memory allocation i added a month ago: forgot to ZERO_STRUCT()
some of the server-side stuff. Realloc() was being used, so it
Realloc()d some random area of memory. oops.dynamic memory allocation i added a month ago: forgot to ZERO_STRUCT()
some of the server-side stuff. Realloc() was being used, so it
Realloc()d some random area of memory. oops.
|
| |
|
|
| |
actually for.
|
| |
|
|
|
| |
Windows 95. i can just imagine some people saying "it dunna wurk on
my box at home", and me having to reply, "i dunna care".
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
have the string max length = string length + 1.
if not, then it gets its knickers in a twist over whether the string
is NULL-terminated or not.
four days.
four days i spent on this one.
|
| |
|
|
|
|
|
|
|
| |
the random workstation trust account password is TOTAL garbage. i mean,
complete garbage. it's nowhere CLOSE to being a UNICODE string. therefore
we can't just take every second character.
created nt_owf_genW() which creates NT#(password) instead of NT#(Unicode(pw)).
followed through to the password setting in srv_samr.c
|
| |
|
|
| |
after them is incredible. how did we get away with this for so long?
|
| |
|
|
|
|
|
|
| |
desired flag MUST be set in any NBT UDP packets sent to a WINS
server, else they will go to the WINS client side of the NT NetBIOS
kernel instead, and will get trashed.
- added \PIPE\browser server-side code.
|
| |
|
|
|
| |
believe the XXXX that MIGHT be involved in getting nt5rc2 to join
a samba domain...
|
| |
|
|
|
|
|
| |
request name.
modified createuser rpcclient command to examine name being added. if it
ends in a $, assume that a workstation trust account is being added.
|
| |
|
|
| |
of 0x2). [p.s. getting REALLY bored of this nt5rc2->samba domain stuff].
|
| |
|
|
|
| |
samr opcode 0x25. _yet_ another failed attempt to get nt5rc2 to join
a samba domain. what _is_ it with this stuff, dammit?
|
| |
|
|
| |
a char*. now copes with multiple types.
|
